﻿--[[
Rule name: CVE-2025-24813 Tomcat RCE
Filtering stage: Request phase
Threat level: Critical
Rule description: Filter the Tomcat remote code execution vulnerability (CVE-2025-24813)
--]]


if waf.method == "PUT" and waf.endWith(waf.uri, "/session") and waf.reqHeaders["Content-Range"] then
    return true, waf.form["RAW"], true
end

return false